ChK/appServerPortalUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Emergency Stop fix 3

Browse Source
This commit is contained in:
chk
2026-06-12 19:22:50 +02:00
parent 657a2a0670
commit 8706bc4c01
2 changed files with 69 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
auth/auth.js
View File

@@ -3,10 +3,47 @@ import cookieParser from "cookie-parser";
import bcrypt from "bcrypt";
import fs from "fs";
import crypto from "crypto";
import https from "https";
const USERS = JSON.parse(fs.readFileSync("./users.json"));
const SESSIONS = {}; // in-memory session store
// Robot-Driver hinter dem Tunnel (TLS, selbst-signiert -> Verify aus)
const DRIVER_HOST = "appServer_TunnelHead";
const DRIVER_PORT = 9798;
// Kleiner HTTPS-Proxy-Helfer zum Driver (Core-Modul, keine Extra-Dependency)
function driverRequest(method, path) {
return new Promise((resolve, reject) => {
const req = https.request(
{
host: DRIVER_HOST,
port: DRIVER_PORT,
path,
method,
rejectUnauthorized: false, // entspricht nginx proxy_ssl_verify off
timeout: 5000
},
(res) => {
let body = "";
res.on("data", (c) => { body += c; });
res.on("end", () => resolve({ status: res.statusCode, body }));
}
);
req.on("timeout", () => req.destroy(new Error("driver timeout")));
req.on("error", reject);
req.end();
});
}
// Session-Guard: true wenn eingeloggt, sonst sendet selbst 401
function requireSession(req, res) {
const sid = req.cookies.SESSIONID;
if (sid && SESSIONS[sid]) return true;
res.status(401).send({ ok: false, error: "not authenticated" });
return false;
}
const app = express();
app.use(express.json());
app.use(cookieParser());
@@ -84,4 +121,36 @@ app.get("/api/status", (req, res) => {
return res.status(401).send({ ok: false });
});
// ===========================
// Robot-Driver Proxy (same-origin, auth-geschützt)
// Nginx leitet /api/ auf diesen Service -> kein CORS, Cookie wird mitgeschickt.
// ===========================
// Armed-Status abfragen: GET /api/power-status
app.get("/api/power-status", async (req, res) => {
if (!requireSession(req, res)) return;
try {
const r = await driverRequest("GET", "/api/power-status");
res.status(r.status).type("application/json").send(r.body);
} catch (e) {
console.error("power-status proxy error:", e.message);
// Failsafe: Driver nicht erreichbar -> armed:false, Button bleibt versteckt
res.status(502).send({ ok: false, armed: false, error: "driver unreachable" });
}
});
// Not-Aus auslösen: POST /api/emergency-stop
app.post("/api/emergency-stop", async (req, res) => {
if (!requireSession(req, res)) return;
const user = SESSIONS[req.cookies.SESSIONID].user;
console.log(`EMERGENCY-STOP ausgelöst von user=${user}`);
try {
const r = await driverRequest("POST", "/api/emergency-stop");
res.status(r.status).type("application/json").send(r.body);
} catch (e) {
console.error("emergency-stop proxy error:", e.message);
res.status(502).send({ ok: false, error: "driver unreachable" });
}
});
app.listen(3000, ()=>console.log("Auth-Service läuft auf 3000"));

17
nginxPages/10-server-schooltech.conf
View File

@@ -17,23 +17,6 @@ server {
try_files $uri $uri/ /index.html;
}
# Robot Driver: power-status + emergency-stop (interner Proxy, vermeidet CORS)
location = /api/power-status {
proxy_pass http://appServer_TunnelHead:9798/api/power-status;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location = /api/emergency-stop {
proxy_pass http://appServer_TunnelHead:9798/api/emergency-stop;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# API forwarding (auth)
location /api/ {
proxy_pass http://appserverauth:3000/api/;